Industry Best Practices for Backup Infrastructure Recovery from Ransomware Attacks

Backup Recovery Systems and Architecture

Over the last six months, Ransomware attacks have grown significantly using common vectors such as Social Engineering, Malware, and Phishing. Customers know that their data is the most important asset they have, and that they need to do everything possible to secure it.

Despite this imposing threat, many problems exist with backup and security architecture. Organizations today tend not to invest heavily in their backup architecture because they believe it’s not that critical to the business — when, in fact, backup, just like insurance, is vital to the business’s overall success.

Many backup environments are architected to create a set of secondary copies of business data. However, what is missing from this architecture is a review of where that secondary copy resides. Presidio has reviewed many backup solutions and found numerous problems, including:
• Backup architecture uses the same credential repository as the production architecture.
• Backup data repository allows stored data to be changed.
• Backup network is not logically separate from the production network.
• There is no testing of backups against recovery time and recovery point objectives.
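
The four findings above can be checked mechanically against an inventory of the backup environment. The following is an added example, not Presidio's tooling: the inventory schema and every field name in it are hypothetical, the sample data is constructed, and subnet overlap is used as a simple proxy for missing network separation.

```python
from datetime import timedelta
from ipaddress import ip_network

# Constructed sample inventory; the schema and field names are hypothetical,
# chosen for this example, not taken from any backup product.
SAMPLE = {
    "production": {"identity_source": "corp-ad", "subnets": ["10.10.0.0/16"]},
    "backup": {
        "identity_source": "corp-ad",        # same directory as production
        "subnets": ["10.10.50.0/24"],        # sits inside the production range
        "repository_immutable": False,       # stored backups can be altered
        "rto": timedelta(hours=4),           # recovery time objective
        "rpo": timedelta(hours=24),          # recovery point objective
        "last_restore_test": None,           # no restore test on record
    },
}

def audit(inv):
    """Return one finding per weakness from the list above, in list order."""
    prod, bak = inv["production"], inv["backup"]
    findings = []
    # 1. Backup shares its credential repository with production.
    if bak["identity_source"] == prod["identity_source"]:
        findings.append("shared-credentials")
    # 2. Repository allows stored data to be changed.
    if not bak["repository_immutable"]:
        findings.append("mutable-repository")
    # 3. Backup network overlaps production address space (proxy check).
    prod_nets = [ip_network(n) for n in prod["subnets"]]
    if any(ip_network(b).overlaps(p) for b in bak["subnets"] for p in prod_nets):
        findings.append("network-not-separated")
    # 4. Restores are untested, or the last test missed the RTO or RPO.
    test = bak["last_restore_test"]
    if test is None:
        findings.append("restore-untested")
    else:
        if test["restore_duration"] > bak["rto"]:
            findings.append("rto-missed")
        if test["data_age"] > bak["rpo"]:
            findings.append("rpo-missed")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```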

Organizations build their backup infrastructure in the belief that it only needs to provide a secondary copy of their data. As a result, data lost to hardware failure or simple data corruption can typically be recovered, but data made completely unavailable by a Ransomware attack cannot. In this blog, we aim to provide some industry best practices for the backup infrastructure needed to recover from a Ransomware attack.

Traditional backup and recovery architecture doesn’t cut it anymore. To architect a backup infrastructure that is Ransomware-resilient, a few things need to happen. The first thing a customer needs is an immutable copy of their data to recover from, and that copy needs to be in an isolated domain. Traditional security architectures have not kept up with the workforce changes that have been accelerated by the COVID-19 pandemic.

Workforces were already increasingly mobile, utilizing cloud services for critical business tasks and functioning outside the traditional firewalled office environment. To protect critical business systems, security controls need to be ubiquitous throughout an organization and provide protection, whether the end-users are working from home or they’ve returned to the office.

How is Presidio helping customers with Ransomware attacks?
Presidio is assisting clients today with transforming their businesses and maintaining security by working with them every step of the way. The Presidio experts help customers with designing an appropriate security architecture, applying the correct controls to meet their needs, and validating that the controls are effective.

For more information or to schedule a Ransomware workshop, please contact our security team.
